UPDATE: OWASP Dependency-Check 2.0.1!

Posted: 2 years ago by @pentestit3355 views | Updated: July 22, 2017 at 12:03 am

My first post about this OWASP project can be found here. This post discusses the changes made to the open source software composition analysis utility in the latest release, which came out yesterday. This is OWASP Dependency-Check 2.0.1!

What is OWASP Dependency-Check?

OWASP Dependency-Check is a utility that identifies project dependencies and checks whether they have any known, publicly disclosed vulnerabilities. Currently Java and .NET are supported. Experimental analyzers cover Python, Ruby, PHP (composer), and Node.js applications; they are marked experimental because of their possible false positive and false negative rates. The experimental analyzers must be specifically enabled via the appropriate experimental configuration before they can be used. In addition, dependency-check has experimental analyzers that can scan some C/C++ source code, including OpenSSL source code and projects that use Autoconf or CMake.

OWASP Dependency-Check 2.0.1 changelog:

In addition to general bug fixes and false positive reductions, the following enhancements were made:

Fixed issues when used with a proxy

Fixed issue with .NET Assembly Analyzer

For Gradle users: when upgrading from 1.x to 2.x, note that the dependencyCheck task was renamed to dependencyCheckAnalyze.

Special thanks to everyone who submitted a pull request, and kudos to the OWASP Dependency-Check team!
